On Thu, 2005-06-30 at 01:10 +0300, Baron Biza wrote:
> Hello, I'm new on this list. I have never used an IDS, and I want to start with one
> for Unix (FreeBSD and Linux also). I know about Snort, but there are a
> lot of rules to configure by hand. The Windows users of Snort have a
> program in graphic mode to configure their Snort, but we do not :-(. Is
> there any good IDS, at the same level, in graphic mode, or easier to
> learn? Thanks, good luck.

Hi Baron,

Actually, there isn't much to configure rules-wise for Snort. The rules
are there, you just tell Snort if you want to use them in its config file.
If you want graphical management, take a look at SnortCenter[1]. It can
manage both rules and config files centrally, and is easy to set up and
use.

But hey, nothing beats vim and a good read of the Snort manual if you're
on a *nix platform. Even with SnortCenter, the Snort User Manual is a
must-read if you want to know more about writing rules.
